Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PAC: add 'sssd' user to the list of 'allowed_uids' #7309

Closed
wants to merge 1 commit into from
Closed

PAC: add 'sssd' user to the list of 'allowed_uids' #7309

wants to merge 1 commit into from

Conversation

alexey-tikhonov
Copy link
Member

:config:SSSD service user was added to the default value of PAC 'allowed_uids' in case corresponding support was built.

@alexey-tikhonov
PAC: add 'sssd' user to the list of 'allowed_uids'
bb39596 
:config:SSSD service user was added to the default value of
PAC 'allowed_uids' in case corresponding support was built.
@alexey-tikhonov alexey-tikhonov added Waiting for review no-backport This should go to target branch only. non-privileged labels Apr 23, 2024
jakub-vavra-cz
jakub-vavra-cz approved these changes Apr 23, 2024
View reviewed changes
Copy link
Contributor

@jakub-vavra-cz jakub-vavra-cz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jakub-vavra-cz
Copy link
Contributor

Tried unmodified tests with the build for c9s on rhel 9.5, looks like it works.
============================= test session starts ==============================
platform linux -- Python 3.11.6, pytest-7.1.1, pluggy-1.4.0 -- /usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.11.6', 'Platform': 'Linux-6.7.7-200.fc39.x86_64-x86_64-with-glibc2.36', 'Packages': {'pytest': '7.1.1', 'pluggy': '1.4.0'}, 'Plugins': {'output': '1.0.0', 'html': '1.22.1', 'metadata': '3.1.1', 'rerunfailures': '10.2', 'multihost': '3.4'}}
rootdir: /root/tews/nonroot-ad13/sssd, configfile: src/tests/multihost/ad/pytest.ini
plugins: output-1.0.0, html-1.22.1, metadata-3.1.1, rerunfailures-10.2, multihost-3.4
collecting ... collected 47 items / 45 deselected / 2 selected

src/tests/multihost/ad/test_adparameters_ported.py::TestADParamsPorted::test_0045_ad_parameters_upn_mismatch_check PASSED [ 50%]
src/tests/multihost/ad/test_adparameters_ported.py::TestADParamsPorted::test_0046_ad_parameters_upn_empty_skip_check PASSED [100%]

=============================== warnings summary ===============================
../../../../usr/local/lib/python3.11/site-packages/paramiko/transport.py:219
/usr/local/lib/python3.11/site-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
---------- generated xml file: /root/tews/nonroot-ad13/twd/junit.xml -----------
----- generated html file: file:///root/tews/nonroot-ad13/twd/report.html ------
=========== 2 passed, 45 deselected, 1 warning in 151.96s (0:02:31) ============
RETURN CODE: 0
UPSTREAM TESTS STEP END: src/tests/multihost/ad/test_adparameters_ported.py
PHASE END: test

[root@ed825d3ab1a7 twd]# ssh ip-10-0-169-15.rhos-01.prod.psi.rdu2.redhat.com
Warning: Permanently added 'ip-10-0-169-15.rhos-01.prod.psi.rdu2.redhat.com' (ED25519) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Tue Apr 23 08:51:03 2024 from 10.0.188.40
[root@ip-10-0-169-15 ~]# rpm -qa | grep sssd
python3-sssdconfig-9.pr7309-04517.el9.noarch
sssd-client-9.pr7309-04517.el9.x86_64
sssd-winbind-idmap-9.pr7309-04517.el9.x86_64
sssd-nfs-idmap-9.pr7309-04517.el9.x86_64
sssd-common-9.pr7309-04517.el9.x86_64
sssd-krb5-common-9.pr7309-04517.el9.x86_64
sssd-dbus-9.pr7309-04517.el9.x86_64
sssd-common-pac-9.pr7309-04517.el9.x86_64
sssd-ad-9.pr7309-04517.el9.x86_64
sssd-krb5-9.pr7309-04517.el9.x86_64
sssd-ldap-9.pr7309-04517.el9.x86_64
sssd-proxy-9.pr7309-04517.el9.x86_64
sssd-ipa-9.pr7309-04517.el9.x86_64
sssd-9.pr7309-04517.el9.x86_64
sssd-tools-9.pr7309-04517.el9.x86_64
sssd-kcm-9.pr7309-04517.el9.x86_64

sumit-bose
sumit-bose approved these changes Apr 23, 2024
View reviewed changes
Copy link
Contributor

@sumit-bose sumit-bose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

thank you for the patch, ACK.

bye,
Sumit

justin-stephenson
justin-stephenson approved these changes Apr 25, 2024
View reviewed changes
Copy link
Contributor

@justin-stephenson justin-stephenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack, thank you.

@alexey-tikhonov
Copy link
Member Author

Pushed PR: #7309

  • master
    • d8e8311 - PAC: add 'sssd' user to the list of 'allowed_uids'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakub-vavra-cz jakub-vavra-cz jakub-vavra-cz approved these changes

@sumit-bose sumit-bose sumit-bose approved these changes

@justin-stephenson justin-stephenson justin-stephenson approved these changes

Assignees

@justin-stephenson justin-stephenson

@sumit-bose sumit-bose

@jakub-vavra-cz jakub-vavra-cz

Labels
no-backport This should go to target branch only. non-privileged Pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alexey-tikhonov @jakub-vavra-cz @justin-stephenson @sumit-bose